Search Exploit

NUUO NVRmini Products are prone to an remote command-injection vulnerability.

An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks.NOTE: This issue is the result of an incomplete fix for the issue described in BID 106058 (NUUO NVRmini Products CVE-2018-14933 Remote Command Injection Vulnerability).

Information

Bugtraq ID:

106059

Class:

Input Validation Error

CVE:

CVE-2018-15716

Remote:

Yes

Local:

No

Published:

Nov 30 2018 12:00AM

Updated:

Nov 30 2018 12:00AM

Credit:

Tenable

Vulnerable:

NUUO NVRsolo Plus 3.10 NUUO NVRsolo 3.10 NUUO NVRmini 2 3.10

Not Vulnerable:

Exploit

The researcher who discovered this issue has created a proof-of-concept to demonstrate the issue. The exploit is otherwise not publicly available.